package com.huawei.security.config;

import com.huawei.security.filter.ValidateCaptchaFilter;
import com.huawei.security.filter.ValidateJwtTokenFilter;
import com.huawei.security.handler.AppAccessDenyHandler;
import com.huawei.security.handler.AppLoginFailHandler;
import com.huawei.security.handler.AppLoginSuccessHandler;
import com.huawei.security.handler.AppLogoutSuccessHandler;
import com.huawei.service.impl.AppUserServiceImpl;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

import javax.annotation.Resource;

/**
 * @Author LF
 * projectName:vue-cli
 * description: springboot用2.6.13
 * time:2025-04-28 19:44
 */
@Configuration
public class SercurityConfig extends WebSecurityConfigurerAdapter {

    @Resource
    private AppUserServiceImpl appUserService;

    @Resource
    private AppLoginSuccessHandler loginSuccessHandler;

    @Resource
    private AppAccessDenyHandler accessDenyHandler;

    @Resource
    private AppLoginFailHandler loginFailHandler;

    @Resource
    private AppLogoutSuccessHandler logoutSuccessHandler;

    @Resource
    private ValidateJwtTokenFilter validateJwtTokenFilter;

    @Resource
    private ValidateCaptchaFilter validateCaptchaFilter;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // 配置认证管理器使用指定的用户详情服务
        auth.userDetailsService(appUserService); // 使用appUserService作为用户详情服务
    }


    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // 在 UsernamePasswordAuthenticationFilter 之前添加一个过滤器
        http.addFilterBefore(validateJwtTokenFilter, UsernamePasswordAuthenticationFilter.class);
        // 在token过滤器之前添加验证码校验过滤器
        http.addFilterBefore(validateCaptchaFilter, ValidateJwtTokenFilter.class);

        // 配置异常处理，设置访问被拒绝时的处理器
        http.exceptionHandling().accessDeniedHandler(accessDenyHandler);

        // 配置表单登录
        http.formLogin()
                // 设置登录处理URL
                .loginProcessingUrl("/login")
                // 设置用户名参数名
                .usernameParameter("username")
                // 设置密码参数名
                .passwordParameter("password")
                // 设置登录成功时的处理器
                .successHandler(loginSuccessHandler)
                // 设置登录失败时的处理器
                .failureHandler(loginFailHandler)
                // 允许所有用户访问登录页面
                .permitAll();

        //禁用跨站请求伪造保护
        http.csrf().disable();
        http.cors();

        //禁用session
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.NEVER);

        // 允许所有用户访问登录页面
        http.authorizeRequests()
                .mvcMatchers("/login", "/captcha/getCaptcha").permitAll() // 允许访问登录页面和验证码获取接口
                .anyRequest().authenticated();//其他所有请求需要认证

    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    //public static void main(String[] args) {
    //    String encode = new BCryptPasswordEncoder().encode("123456");
    //    System.out.println("encode = " + encode);
    //}
}
